I'm on ~x86 and though I'm not proud to admit it I went ~4 months without updating world. I just finished it up and things seem fine. Sure I had to run revdep-rebuild a couple times in between update attempts when something failed but it ultimately seemed to have worked. From what I read before I was expecting to have to do a full re-install. I'm glad this wasn't the case.

Did I just get lucky or is it actually fairly common to be able to successfully go 4 months without an update without hosing the system when finally getting around to it?

Well, 4 Months is not a long time. OTOH I cannot give you an exact number, when it becomes troublesome to upgrade.
IIRC there was no larger change (expat/libxml like breakage) in the past 4 months, so I would expect a clean upgrade.

In addition, you mentioned that you are running on testing (~x86), which prolongs the time you may go without an upgrade before running into trouble, as you are already using the latest packages (and as such the latest dependencies).

A couple of years back I had to upgrade a Gentoo system which hadn't been upgraded for 2 years. The upgrade itself was not the problem, but some packages (IIRC mailman) had suddenly been moved around, and I had to move around the mail archives to make them accessible once more.

In general, the more you expect a breakage, the less likely it seems to happen (just like Murphy's Law).
And upgrading more often helps, in that you only run into one problem at a time rather than into a bunch of them, and then having to figure out which really caused the problem.

just my .02$
V.

read the portage output!
If my answer is too concise, ask for an explanation.

I run a few Gentoo boxes. I keep my main ~amd64 system updated regularly, and it tends to go quite well. I also have a home server running Gentoo, which I only upgrade once or twice a year. It's on stable and I don't run things like X on it, and I can't recall ever having a serious problem upgrading it.

I tend to find that individual packages which undergo changes cause the most issues. I think my php install was temporarily borked due to changes in config file locations or something (I can't remember exactly), but these are often down to me not reading portage output or rushing etc-update. However, these individual changes aren't made worse by leaving them for a while; it's just that you can get a bunch of them in one go.

I guess it would be more sensible to keep up with updates because it's public-facing, but it's only my home server.

So in my personal experience it is ok to leave long gaps between updates. Having said that, you might be in for an interesting few hours if you left it for something like 2 years.

"Give me control of a nation's money and I care not who makes the laws."
Mayer Amschel Rothschild

I guess I did have a minor issue after all due to the ABI change in X. I had to rebuild a couple drivers, mainly for hotplugging (evdev) which I was using. Not a big deal and portage warned me about it and even specified exactly what to do.

It's good to see that Gentoo isn't "either update it at least every month or you'll be sorry next time" as some people seem to believe.

Not a big deal and portage warned me about it and even specified exactly what to do.

I guess that is the problem with most cases where the upgrade broke. People are just getting too lazy and do not read the portage output (one of the reasons for my sig), or just do not interpret what they are being told.

Agreed, Gentoo is not a fire-and-forget kind of distro, but if you read (and understand) the instructions (not just in the handbook, but also on the cli) and do as you are told, Gentoo is pretty simple to handle.

V.

Well, the main reason an old system has become more difficult to upgrade in the past 1 to 2 years is that there have been many EAPI upgrades. The longer between EAPI updates and feature changes, the longer your system will likely be able to get old and still upgrade successfully. Provided there are not any major system package ABI changes thrown in too.

Brian
Porthole, the Portage GUI frontend irc@freenode: #gentoo-guis, #porthole, Blog
layman, gentoolkit, CoreBuilder, esearch...

One thing that broke one of my machines, despite regular upgrades: udev needs >=2.6.27.
Another thing that is scary right now is the openrc update in stable x86.

Gentoo on Uptime Project - Larry is a cow

I've successfully updated a Gentoo system that hadn't seen any updates since 2006 (so over four years). It was a huge pain but it worked. Currently I'm upgrading another system of about the same age, which is probably going to be even more of a pain since it's an UltraSPARC...

Fvwm|Fvwm forum

If you know what you're doing, you can go a long time without updates. It potentially can bring up many problems, but it can be done. I've upgraded boxes that have gone > 2 years without updates. Though admittedly they do run fairly minimal package sets.

While I tend to update often, waiting does have some benefits, such as most bugs either being already fixed or there already being a ton of information out there on how to fix them when you do update. It's kind of a trade-off: you might hit more problems at once, but you get the benefit of usually already having a solution available.

I think this mainly applies to the unstable branch.
For the stable branch, packages often have been around for some time, so you should be able to find a solution pretty easily.

V.

Not if you don't upgrade for a long time; there's usually unforeseen breakage because you follow an unanticipated upgrade path, sometimes even ebuilds are just plain broken, referencing packages that haven't been in portage for years, not to mention changes in core package versions (python and glibc come to mind) and the like possibly breaking portage or other core software. Some of these problems can be pretty hard to find and more often than not are not, or badly, documented.

Also the devs don't care about them (and rightly so) as upgrading such a long neglected system is just not supported.

Personally I update everything once a week, though I'm mostly using stable apart from some X11/desktop stuff, latest mplayer/ffmpeg, latest vanilla-sources, latest udev, glibc 2.13, and security updates that aren't stabilised or in the tree (in which case I just copy them over to my overlay and change the version or add the patch myself), so there's rarely any serious updates that break everything.

The only annoying thing is having to update some stuff twice, because I make my own emul-linux packages (the "official" ones are always dangerously out of date).

Last edited by m0p on Sat Jun 11, 2011 1:06 pm; edited 1 time in total

In my crontab I have emerge --sync, and basically everything works well when emerge -uDN world is applied. I have come across a couple of issues, one being a glibc upgrade a couple of weeks ago and the other being udev the other day. It has been my observation that sometimes there are errors, and if it looks like it does not make sense, wait for the next sync and everything gets straightened out. Otherwise Gentoo has been the *best* Linux experience that I have ever had in over ten years of Linux use.

emerge --sync is not meant to be put into crontab. Please launch it manually when needed and save some resources.

As for upgrading old installations. Depending on the packages installed this can be from very easy to a real hassle. There are also the packages I have to fight anyway with every update (kde is the prime example).

Most of my Gentoo boxes I only update about every 3-4 months, and I rarely see any issues which could be attributed in any way to the update interval. Personally, I recommend updating at least every 6 months.

Why is emerge --sync "not meant" to be put in crontab? Since it is set to execute once a day, I fail to see the problem and for the sake of security is it not important to update and patch any operating system regularly?

sera wrote:

emerge --sync is not meant to be put into crontab. Please launch it manually when needed and save some resources.

I run a server on my LAN for DNS, NFS, SMTP, and IMAP. (I use fetchmail and keep my mail locally.) As long as all of that is running, I also keep a portage mirror as well as http-replicator. In that setting, I think that putting "emerge --sync" in a cron file on the server is the right thing to do.

.sigs waste space and bandwidth

I think he might mean it in the sense of saving resources on the remote servers. More than likely if everyone ran an 'emerge --sync' daily the servers would become overloaded. So I suppose the etiquette might be to sync only when you need to (such as when actually upgrading packages). But AFAIK you aren't breaking any 'rules' by doing it since I believe the rule is not to sync more than once a day.

Why is emerge --sync "not meant" to be put in crontab? Since it is set to execute once a day, I fail to see the problem and for the sake of security is it not important to update and patch any operating system regularly?

Yes, it is important from the security point of view to update the system regularly (at least, if the system is on the net). However, emerge --sync does not do this: it will do nothing other than use resources. It only makes sense if you run emerge -NaDu @world afterwards. If you also have emerge -NDu @world in your cron job, it makes sense, although I would not recommend doing so unless you check logs very regularly and very carefully and are prepared to wake up with a broken system (even if there is no unexpected problem, there are also other things like etc-update, emerge --depclean, revdep-rebuild, python-updater, perl-updater, ... which should have been called in between). However, if you do not have emerge -NDu @world in your crontab, then the emerge --sync in the crontab is just eating resources for nothing: it is better (especially from the security point of view) to call emerge --sync immediately before you call emerge -NDu @world, because only in this case do you make sure you get the latest (possibly security-related) upgrades.

Better security procedure would be subscribing to a GLSA feed, and reading it.

Better than upgrading regularly?

I would say one is not a substitute for the other: a lot of projects tend to close security-relevant problems with a minor version upgrade. (The kernel has almost become famous for this, but it is certainly not the only project.) So having up-to-date packages is in any case a good security measure.

Moreover, keeping your system up-to-date means that practically no GLSA will apply to you at the time it becomes public - at least, it hasn't happened to me in years.

It's not a hard equivalent to (==); it's more of a probability thing.
The last 6 months have been quite benign from a system point of view and ABI.
We haven't had an expat-like system upgrade path issue in some time, and no major bump to an EAPI coupled with removal of the lowest common denominator w.r.t. an upgrade path.

So the longer you go without updating, the more there is an increased chance you will hit more and more upgrade annoyances, which could result in a non-viable upgrade path.

The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king

It is my understanding that "emerge --sync" is not to be performed more than twice a day. Since this is in the crontab for once a day, and in the morning "emerge -uDN world && emerge --depclean && revdep-rebuild" is applied, I feel that this is keeping up to the expected standard. If necessary, other commands such as etc-update are applied as well. It seems to me that applying commands such as emerge -uDN world in the crontab is just asking for trouble.

Keeping an up-to-date system(s) is important to me, and daily reviews of CVE updates do seem very important as well.